CentOS / Redhat: Turn On SELinux Protection

SELinux enforces the idea that programs should be limited in what files they can access and what actions they can take. However, by default it is turned off under RHEL / CentOS 5.x server. How do I turn it on?

SELinux is a kernel security extension that can be used to guard against misconfigured or compromised programs. It provides a Mandatory Access Control (MAC) system that improves on the traditional UNIX/Linux DAC (Discretionary Access Control) model.

How Do I Enable SELinux under Redhat / Fedora and CentOS Linux Systems?

Save and close the file. Make sure SELinux is not disabled by the Grub boot loader. Search the /boot/grub/grub.conf file using egrep and make sure no lines containing selinux=0 or enforcing=0 appear:
# egrep -i 'selinux=0|enforcing=0' /boot/grub/grub.conf
If you find selinux=0 or enforcing=0 on any line, remove those parameters and save the changes.
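
The egrep check above also matches commented-out lines. The following shell function is an added example, not part of the original article: it reports only active selinux=0 / enforcing=0 parameters and can also be pointed at /proc/cmdline to check the running kernel. The function names and the sample grub.conf are constructed for illustration.

```shell
#!/bin/sh
# Added example: report kernel parameters that switch SELinux off at boot.
# Usage: selinux_boot_overrides FILE  (e.g. /boot/grub/grub.conf or /proc/cmdline)
# Prints "FILE:LINE: parameter" per hit; exit status is 1 if any hit was found.
selinux_boot_overrides() {
    awk -v file="$1" '
        /^[ \t]*#/ { next }                      # ignore commented-out entries
        {
            for (i = 1; i <= NF; i++) {          # check each whitespace-separated token
                tok = tolower($i)                # same case-insensitivity as egrep -i
                if (tok == "selinux=0" || tok == "enforcing=0") {
                    printf "%s:%d: %s\n", file, NR, $i
                    found = 1
                }
            }
        }
        END { exit found ? 1 : 0 }
    ' "$1"
}

# Writes a constructed sample grub.conf to the path given as $1.
# Line 6 disables SELinux; line 8 is a commented-out entry and must be ignored.
write_sample_grub_conf() {
    cat > "$1" <<'EOF'
# grub.conf (constructed sample)
default=0
timeout=5
title CentOS (constructed sample)
    root (hd0,0)
    kernel /vmlinuz-sample ro root=/dev/VolGroup00/LogVol00 selinux=0
    initrd /initrd-sample.img
#   kernel /vmlinuz-old ro root=LABEL=/ enforcing=0
EOF
}

# Demo on the constructed sample (swap in /boot/grub/grub.conf on a real host).
sample=$(mktemp)
write_sample_grub_conf "$sample"
selinux_boot_overrides "$sample" || echo "SELinux is overridden at boot: remove the parameters listed above"
rm -f "$sample"
```
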

Prepare File System For The Reboot

The chcon command can be used to change the SELinux security context of a file. However, it is recommended that you relabel the complete filesystem.

Restore Default Security Contexts

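Type the following command to restore default security contexts for /home:
# restorecon -Rv -n /home
The -n option makes this a dry run: it lists the files whose labels would change without changing them. Remove -n to apply the changes. You can run this on the root (/) file system too.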

Relabel Complete Filesystem

Do not skip this step. Type the following commands to schedule a relabel and reboot the system:
# touch /.autorelabel
# reboot
It will take some time to relabel the complete filesystem. If you get errors, or common services such as mysqld or sshd fail to start, try the following solution (go to single user mode):
# init 1
# genhomedircon
# touch /.autorelabel
# reboot

By default SELinux will block access to many ports, including 8181. You need to allow access to port 8181 so that your service can bind to it and listen for incoming requests on this non-privileged port. Use the semanage command as follows:
# semanage port -a -t http_port_t -p tcp 8181